On Mon, Jun 7, 2010 at 5:02 PM, Dan Carpenter <error27@xxxxxxxxx> wrote:
> The avtab_read_item() function tends to return -1 as a default error
> code which is wrong (-1 means -EPERM). I modified it to return
> appropriate error codes which is -EINVAL or the error code from
> next_entry() or insertf().
>
> next_entry() returns -EINVAL.
> insertf() is a function pointer to either avtab_insert() or
> cond_insertf().
> avtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST.
> cond_insertf() currently returns -1, but I will fix it in a later patch.
>
> There is code in avtab_read() which translates the -1 returns from
> avtab_read_item() to -EINVAL. The translation is no longer needed, so I
> removed it.
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
I did these same patches a month ago and they were pretty much
completely ignored. Glad to see someone else is trying again.
Acked-by: Eric Paris <eparis@xxxxxxxxxx>
> diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
> index 1215b8e..fe62d82 100644
> --- a/security/selinux/ss/avtab.c
> +++ b/security/selinux/ss/avtab.c
> @@ -344,18 +344,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> rc = next_entry(buf32, fp, sizeof(u32));
> if (rc < 0) {
> printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> - return -1;
> + return rc;
> }
> items2 = le32_to_cpu(buf32[0]);
> if (items2 > ARRAY_SIZE(buf32)) {
> printk(KERN_ERR "SELinux: avtab: entry overflow\n");
> - return -1;
> + return -EINVAL;
>
> }
> rc = next_entry(buf32, fp, sizeof(u32)*items2);
> if (rc < 0) {
> printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> - return -1;
> + return rc;
> }
> items = 0;
>
> @@ -363,19 +363,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> key.source_type = (u16)val;
> if (key.source_type != val) {
> printk(KERN_ERR "SELinux: avtab: truncated source type\n");
> - return -1;
> + return -EINVAL;
> }
> val = le32_to_cpu(buf32[items++]);
> key.target_type = (u16)val;
> if (key.target_type != val) {
> printk(KERN_ERR "SELinux: avtab: truncated target type\n");
> - return -1;
> + return -EINVAL;
> }
> val = le32_to_cpu(buf32[items++]);
> key.target_class = (u16)val;
> if (key.target_class != val) {
> printk(KERN_ERR "SELinux: avtab: truncated target class\n");
> - return -1;
> + return -EINVAL;
> }
>
> val = le32_to_cpu(buf32[items++]);
> @@ -383,12 +383,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
>
> if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
> printk(KERN_ERR "SELinux: avtab: null entry\n");
> - return -1;
> + return -EINVAL;
> }
> if ((val & AVTAB_AV) &&
> (val & AVTAB_TYPE)) {
> printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
> - return -1;
> + return -EINVAL;
> }
>
> for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
> @@ -403,7 +403,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
>
> if (items != items2) {
> printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
> - return -1;
> + return -EINVAL;
> }
> return 0;
> }
> @@ -411,7 +411,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> rc = next_entry(buf16, fp, sizeof(u16)*4);
> if (rc < 0) {
> printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> - return -1;
> + return rc;
> }
>
> items = 0;
> @@ -424,7 +424,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> !policydb_type_isvalid(pol, key.target_type) ||
> !policydb_class_isvalid(pol, key.target_class)) {
> printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
> - return -1;
> + return -EINVAL;
> }
>
> set = 0;
> @@ -434,19 +434,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> }
> if (!set || set > 1) {
> printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
> - return -1;
> + return -EINVAL;
> }
>
> rc = next_entry(buf32, fp, sizeof(u32));
> if (rc < 0) {
> printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> - return -1;
> + return rc;
> }
> datum.data = le32_to_cpu(*buf32);
> if ((key.specified & AVTAB_TYPE) &&
> !policydb_type_isvalid(pol, datum.data)) {
> printk(KERN_ERR "SELinux: avtab: invalid type\n");
> - return -1;
> + return -EINVAL;
> }
> return insertf(a, &key, &datum, p);
> }
> @@ -487,8 +487,7 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
> printk(KERN_ERR "SELinux: avtab: out of memory\n");
> else if (rc == -EEXIST)
> printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
> - else
> - rc = -EINVAL;
> +
> goto bad;
> }
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
